Vulnerability Description
An Authentication Bypass (CWE-287) vulnerability in ESMAC (aka Enterprise Server Monitor and Control) in Micro Focus Enterprise Developer and Enterprise Server 2.3 and earlier, 2.3 Update 1 before Hotfix 8, and 2.3 Update 2 before Hotfix 9 allows remote unauthenticated attackers to view and alter configuration information and alter the state of the running product (CWE-275).
CVSS Score
CRITICAL
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Microfocus | Enterprise Developer | 2.3 |
| Microfocus | Enterprise Server | <= 2.3 |
| Microfocus | Enterprise Server Monitor And Control | - |
Related Weaknesses (CWE)
References
- https://community.microfocus.com/microfocus/mainframe_solutions/enterprise_serve
- https://community.microfocus.com/microfocus/mainframe_solutions/enterprise_serve
FAQ
What is CVE-2017-7420?
CVE-2017-7420 is a vulnerability with a CVSS score of 9.8 (CRITICAL). An Authentication Bypass (CWE-287) vulnerability in ESMAC (aka Enterprise Server Monitor and Control) in Micro Focus Enterprise Developer and Enterprise Server 2.3 and earlier, 2.3 Update 1 before Hot...
How severe is CVE-2017-7420?
CVE-2017-7420 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2017-7420?
Check the references section above for vendor advisories and patch information. Affected products include: Microfocus Enterprise Developer, Microfocus Enterprise Server, Microfocus Enterprise Server Monitor And Control.